Export limit exceeded: 25170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25170 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38000 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2025-10-24 | 6.1 Medium |
| Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. | ||||
| CVE-2023-2868 | 1 Barracuda | 10 Email Security Gateway 300, Email Security Gateway 300 Firmware, Email Security Gateway 400 and 7 more | 2025-10-24 | 9.4 Critical |
| A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances. | ||||
| CVE-2024-24919 | 1 Checkpoint | 7 Cloudguard Network, Cloudguard Network Security, Quantum Security Gateway and 4 more | 2025-10-24 | 8.6 High |
| Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available. | ||||
| CVE-2025-61885 | 1 Oracle | 2 Health Sciences Inform, Life Sciences Inform | 2025-10-24 | 4.3 Medium |
| Vulnerability in the Oracle Life Sciences InForm product of Oracle Health Sciences Applications (component: Web Server). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Life Sciences InForm. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Life Sciences InForm accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2025-6239 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-10-24 | 6.5 Medium |
| Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor. | ||||
| CVE-2023-42916 | 5 Apple, Debian, Fedoraproject and 2 more | 9 Ipados, Iphone Os, Macos and 6 more | 2025-10-23 | 6.5 Medium |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. | ||||
| CVE-2023-41061 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2025-10-23 | 7.8 High |
| A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | ||||
| CVE-2023-28204 | 3 Apple, Redhat, Webkitgtk | 9 Ipados, Iphone Os, Macos and 6 more | 2025-10-23 | 6.5 Medium |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. | ||||
| CVE-2025-23193 | 1 Sap | 1 Sap Basis | 2025-10-23 | 5.3 Medium |
| SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user, potentially revealing sensitive information. This issue does not enable data modification and has no impact on server availability. | ||||
| CVE-2021-30761 | 2 Apple, Redhat | 3 Iphone Os, Enterprise Linux, Rhel Els | 2025-10-23 | 8.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2021-30762 | 2 Apple, Redhat | 3 Iphone Os, Enterprise Linux, Rhel Els | 2025-10-23 | 8.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2022-32893 | 6 Apple, Debian, Fedoraproject and 3 more | 10 Ipados, Iphone Os, Macos and 7 more | 2025-10-23 | 8.8 High |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | ||||
| CVE-2021-1870 | 4 Apple, Fedoraproject, Redhat and 1 more | 8 Ipados, Iphone Os, Mac Os X and 5 more | 2025-10-23 | 9.8 Critical |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2021-1871 | 4 Apple, Debian, Fedoraproject and 1 more | 8 Ipados, Iphone Os, Mac Os X and 5 more | 2025-10-23 | 9.8 Critical |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2025-53036 | 1 Oracle | 1 Financial Services Analytical Applications Infrastructure | 2025-10-23 | 8.6 High |
| Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). | ||||
| CVE-2025-53047 | 1 Oracle | 3 Database, Database Server, Oracle Database | 2025-10-23 | 5.8 Medium |
| Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4-23.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via Bonjour to compromise Portable Clusterware. While the vulnerability is in Portable Clusterware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Portable Clusterware accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). | ||||
| CVE-2025-59438 | 3 Arm, Mbed, Mbed-tls | 3 Mbed Tls, Mbed, Mbedtls | 2025-10-23 | 5.3 Medium |
| Mbed TLS through 3.6.4 has an Observable Timing Discrepancy. | ||||
| CVE-2021-30666 | 2 Apple, Redhat | 3 Iphone Os, Enterprise Linux, Rhel Els | 2025-10-23 | 8.8 High |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2021-30665 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2025-10-23 | 8.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2021-30661 | 2 Apple, Redhat | 8 Ipados, Iphone Os, Macos and 5 more | 2025-10-23 | 8.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | ||||